ISSC471 Compliance Within The Workstation and LAN Domains Discussion

Need to respond to the below two students' discussions with at least 150 words minimum per discussion response. Below in the bold will be the questions the students are responding to.

Discussion Points:


1. Briefly discuss how the concept of workstation domains figures into your organization's security policies. Please cite and list your references.

2. Briefly discuss how the concept of LAN domains figures into your organization's security policies. Please cite and list your references.

Student one:

This week we learned about the workstation domain and why it’s important to maintain compliance. All users must use workstations to access information and complete their job responsibilities. The workstation domain consists of uninterruptible power supplies (UPS), desktop PCs, laptops, tablets, smartphones, printers, modems, external hard drives, and universal serial buses (USB) (Weiss, 190). These devices must be considered when implementing our organizational security policies. Policies that enforce the use of UPSs will ensure organizational resources remain available at all times. Policies that enforce security on workstations such as desktop PCs will ensure users don’t advertently or inadvertently cause network security breaches. These policies could include things such as preventing the downloading of third-party software, preventing the use of external media devices, and enforcing two-factor authentication.

Compliance in the LAN domain is just as, if not more, important than the previously discussed workstation domain. The LAN domain’s primary responsibility is to “provide users with the ability to connect to and share resources” (Weiss, 215). Devices commonly found in this domain include connection media, networking devices, and servers. This domain makes up the very backbone of our networks. Without it, users would have nothing to access with their workstations. Policy in this domain must be strictly enforced to ensure minimal downtime and maximum availability of all network resources. Examples of this type of policy include locking and protecting server rooms, following widely accepted networking standards for cables, updating software and operating systems on networking devices, and controlling temperatures for all server rooms.

Weiss, M. (2016). Auditing IT Infrastructures for Compliance. Burlington, MA: Jones & Bartlett Learning.

-Matthew

Student two:

Hello Class,

The workstation domain is one of the primary ways that regular users will access network information. Securing the workstation domain is vital to organizational security as this is the domain where most users (one of your largest vulnerabilities) reside (Weiss & Solomon, p. 189, 2015). The text states that protecting this domain is just as important as protecting other major assets as a loss can result in legal and reputation-based consequences as well as disrupt daily operations (Weiss & Solomon, p. 189, 2015). The two main reasons for protecting this domain fall under information security and liability. Most organizations’ primary asset is information. Any loss, disruption, or exploitation of this data disrupts how the organization does business (Weiss & Solomon, p. 189, 2015). In addition to disruptions, loss of data can lead to liability issues. Information such as PII, HIPAA, etc. carries with it legal responsibilities for protection. Loss of protected data can result in legal action against the organization and serious loss in reputation (Weiss & Solomon, p. 189, 2015).

The LAN domain is generally the server(s) that most company data resides on and users typically interact with the LAN domain through the workstation domain (Weiss & Solomon, p. 214, 2015). LAN domain protection is often centered on protecting against and limiting remote access to resources (Weiss & Solomon, p. 215, 2015). This is due to the simple fact that the LAN domain involves clients connecting to the server through the use of the network. Protection measures include access controls, communication controls, anti-malware, backups, configuration control, monitoring, and patch management (Weiss & Solomon, p. 215, 2015). Proper controls will help ensure a strong C-I-A triad (Weiss & Solomon, p. 215, 2015).

Cheers!

– Chris Borland

References

Weiss, Martin & Solomon, Michael G. (2015). Auditing IT Infrastructures For Compliance. Second Edition. Jones & Bartlett Learning: Information Systems Security & Assurance Curriculum. ISBN: 1284090701 978-1284090703